Microsoft Sysmon provides support to detect Process Herpaderping breaches

6
Microsoft Sysmon provides support

Microsoft has launched a new version of the Sysinternals package. The organization has also updated the Sysmon Utility with the capacity to identify Process Hollowing and Process Herpaderping attacks. The package is a collection of apps developed to help system admins debug Windows devices or enable security researchers to track and analyze malware attacks.

The Sysinternals pack contains more than 160 different apps, and each is useful for specific tasks. Sysmon or the System Monitor is the most popular app and works by logging system-level occurrences to the default Windows event log system.

Source: zdnet